It's the thing that owns the secrets anyway, and it simplifies things to
have the secrets handling there instead of half in NMActRequest and
half in NMManager. It also means we can get rid of the ugly signals
that NMSettingsConnection had to emit to get agent's secrets, and
we can consolidate the requests for the persistent secrets that the
NMSettingsConnection owned into NMSettingsConnection itself instead
of also in NMAgentManager.
Since the NMActRequest and the NMVPNConnection classes already tracked
the underlying NMSettingsConnection representing the activation, its
trivial to just have them ask the NMSettingsConnection for secrets
instead of talking to the NMAgentManager. Thus, only the
NMSettingsConnection now has to know about the agent manager, and it
presents a cleaner interface to other objects further up the chain,
instead of having bits of the secrets request splattered around the
activation request, the VPN connection, the NMManager, etc.
When a user makes an explicit request for secrets via GetSecrets
or activates a device, don't ask other users' agents for secrets.
Restrict secrets request to agents owned by the user that made the
initial activate or GetSecrets request.
Automatic activations still request secrets from any available agent.
Due to limitations in dbus-glib, where one GObject cannot have more
than one introspection XML object attached to it, we used to include
more than one <interface> in the VPNConnection object introspection
XML. This was suboptimal for two reasons:
1) it duplicated the Connection.Active introspection XML which
made it harder for clients to use the introspection data in a
dynamic fashion, besides looking ugly in the docs
2) not many other programs use this feature of dbus-glib, which
means it didn't get a lot of testing, and broke, which sucks
for NM.
To fix this issue, create a base class for NMVpnConnection that
handles the Connection.Active API, and make NMVpnConnection itself
handle just the VPN pieces that it layers on top. This makes
dbus-glib happy because we aren't using two <interface> blocks
in the same introspection XML, and it makes the NM code more
robust because we can re-use the existing Connection.Active
introspection XML in the NMVpnConnectionBase class.
Filter registered agents for each secrets request to ensure that the
connection for which secrets are requested is visible to that agent,
and add that agent to the queue. Ask each agent in the queue until
one returns usable secrets. Ensure that if new agents register
or existing agents quit during the secrets request, that the queue
is updated accordingly, and ensure that an agent that's already
been asked for secrets, unregisters, and re-registers before the
secrets request is comple, isn't asked for secrets twice.
Instead of a bizare mechanism of signals back to the manager
object that used to be required because of the user/system settings
split, let each place that needs secrets request those secrets
itself. This flattens the secrets request process a ton and
the code flow significantly.
Previously the get secrets flow was something like this:
nm_act_request_get_secrets ()
nm_secrets_provider_interface_get_secrets ()
emits manager-get-secrets signal
provider_get_secerts ()
system_get_secrets ()
system_get_secrets_idle_cb ()
nm_sysconfig_connection_get_secrets ()
system_get_secrets_reply_cb ()
nm_secrets_provider_interface_get_secrets_result ()
signal failure or success
now instead we do something like this:
nm_agent_manager_get_secrets ()
nm_agent_manager_get_secrets ()
request_start_secrets ()
nm_sysconfig_connection_get_secrets ()
return failure or success to callback
Remove all references to connection scope and user-settings services
from the various internal APIs of the daemon. The external DBus API
remains unchanged, albeit in stub form for scope stuff.
Commit 715ddd2045 broke sharing because
sometimes a multi-argument string gets passed in rule->rule. Revert
most of that commit. A bunch of cleanups by dcbw too.
Mark activation requests that contain connections to be assumed,
and use that to short-circuit various parts of the activation
process by not touching various device attributes, since they
are already set up. Also ensure the device is not deactivated
when it initially becomes managed, because that would kill the
connection we are about to assume.
The only thing that doesn't work yet is the system-settings service's
"auto eth" connections for ethernet devices that don't have an existing
connection. Might also have issues with unmanaged devices that can't
provide a MAC address until they are brought up, but we'll see.
Do connection sharing in a cleaner manner; all required iptables rules
are now stored in the activation request and pertain only to the device
which is being shared to other computers.
* src/nm-activation-request.c
src/nm-activation-request.h
- (nm_act_request_add_share_rule): new function; add a sharing rule to
the activation request which will get torn down automatically when
the activation request dies
- (nm_act_request_set_shared): push sharing rules to iptables when sharing
is started, and tear them down when sharing is stopped
* src/nm-device.c
- (start_sharing): start up sharing by doing the required iptables magic
- (share_init): poke the right bits of the kernel and load the right
modules for NAT
- (nm_device_activate_stage5_ip_config_commit): start NAT-ing this
connection if it's a 'shared' connection
* src/NetworkManagerPolicy.c
- Remove all sharing stuff; done in the device code itself
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3969 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/nm-activation-request.c
src/vpn-manager/nm-vpn-connection.c
- Correct GetSecrets D-Bus pending call usage; the GetSecrets call
itself should be attached to the activation request or the VPN
connection, not the NMConnection object, since the call is not
expected to live as long as the NMConnection itself
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3880 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Modify the NMDevice::state-changed signal to include the previous state
and reason. Enables the applet to provide more information why device
activation failed.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3819 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* introspection/nm-active-connection.xml
introspection/nm-vpn-connection.xml
libnm-glib/nm-active-connection.c
src/nm-activation-request.c
src/nm-active-connection.h
src/vpn-manager/nm-vpn-connection.c
- Remove "SharedServiceName" and "SharedConnection" bits from the D-Bus
and libnm-glib API since sharing didn't get implemented that way
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3797 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Fix mobile broadband username/password issues. NM was never requesting
mobile broadband secrets, nor was it passing back the username and password
if it had them.
* marshallers/nm-marshal.list
- Add some new types for activation request objects
* src/nm-activation-request.c
src/nm-activation-request.h
- (get_secrets_cb): pass the caller type in the signal
- (nm_act_request_request_connection_secrets): take a caller type, so
that GetSecrets() reply handlers know who asked for the secrets in
the first place; use secret hints too so the settings service can
figure out exactly what NM wants (ie, PIN or the PPP password)
* src/ppp-manager/nm-ppp-manager.c
src/ppp-manager/nm-ppp-manager.h
- (impl_ppp_manager_need_secrets): nm_connection_need_secrets() won't
detect needed secrets when the secret could be blank, like GSM/CDMA
passwords. So always ask for secrets, and send a hint as to what
secret we really want.
- (nm_ppp_manager_update_secrets): make function more generic by making
the device specific class figure out the username and password, and
accept an error argument to return back over D-Bus
* src/nm-device-wifi.c
- (link_timeout_cb, handle_auth_or_fail): update for changes to
nm_act_request_request_connection_secrets()
- (real_connection_secrets_updated): update for 'caller' changes
* src/nm-device.c
src/nm-device.h
- (connection_secrets_updated_cb, connection_secrets_failed_cb): update
for 'caller' changes
* src/nm-device-ethernet.c
- (real_connection_secrets_updated): update for 'caller' changes and
move logic for getting PPPoE username and password here before
calling nm_ppp_manager_update_secrets()
- (link_timeout_cb, handle_auth_or_fail): update for changes to
nm_act_request_request_connection_secrets()
* src/nm-cdma-device.c
- (real_connection_secrets_updated): pass username and password back
to the PPP manager when required
* src/nm-gsm-device.c
- (enter_pin): send the required secret name to the settings service
- (real_connection_secrets_updated): pass username and password back
to the PPP manager when required
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3794 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Add a GError argument to nm_connection_verify() and nm_setting_verify(),
and add error enums to each NMSetting subclass. Each NMSetting subclass now
returns a descriptive GError when verification fails.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3751 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/nm-activation-request.c
src/nm-activation-request.h
- (dispose): ensure to disconnect from the device's state-changed signal
when appropriate so the signal doesn't get handled by an already
disposed NMActRequest
- (device_state_changed): update is_default here too just to make sure
default is only True when the child device is activated
- (nm_act_request_set_default): new function
* src/NetworkManagerPolicy.c
- (update_routing_and_dns): set 'default' on the active connection which
has the default route and DNS
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3584 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* include/NetworkManager.h
- Add NMActiveConnectionState enum
* introspection/nm-active-connection.xml
introspection/nm-vpn-connection.xml
- Add 'State' property for overall active connection state
- Add 'Default' property, when True means this active connection
has the default route
- Add PropertyChanged signals so changes actually go out over the bus
* src/nm-active-connection.h
- Add defines for State & Default properties
* src/nm-activation-request.c
- Add 'state' and 'default' properties, hook up to device 'state-changed'
signal to determine active connection state
* src/vpn-manager/nm-vpn-connection.c
src/vpn-manager/nm-vpn-connection.h
src/vpn-manager/nm-vpn-manager.c
src/vpn-manager/nm-vpn-service.c
- Rename old 'state' to 'vpn-state'
- Rename nm_vpn_connection_get_state() -> nm_vpn_connection_get_vpn_state()
- Add 'state' and 'default' properties, hook up to the vpn connection's
'vpn-state-changed' signal
* libnm-glib/nm-active-connection.c
libnm-glib/nm-active-connection.h
- Add new 'state' and 'default' properties and accessors
* libnm-glib/nm-vpn-connection.c
libnm-glib/nm-vpn-connection.h
- Rename old 'state' property to 'vpn-state'
- Add new 'state' and 'default' properties and accessors
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3582 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/vpn-manager/nm-vpn-connection.c
- (nm_vpn_connection_class_init): PROP_SPECIFIC_OBJECT should be boxed,
not string
* src/nm-activation-request.c
- (nm_act_request_class_init): PROP_SPECIFIC_OBJECT should be boxed,
not string
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3513 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Rework VPN connection handling for a more consistent D-Bus API. The
VPNManager object has been removed, and active VPN connections are now the
same as any other active connection. The Manager object's ActivateConnection
and DeactivateConnection methods are used to start and stop a VPN connection,
and the VPNConnection objects are subclasses of the ActiveConnection objects.
When activating a VPN connection, pass the path of the active connection
to which the VPN connection is tied in the 'specific_object' argument.
Consequently, the libnm-glib API has been reworked to match this arrangement,
with the VPNManager object removed, and the NMVPNConnection objects now
being subclasses of NMActiveConnection.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3504 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* introspection/nm-manager.xml
introspection/nm-manager-client.xml
- (ActivateConnection): return the object path of the active connection
on success
- (GetActiveConnections): remove
- (DeactivateConnection): new function; deactivate a currently active
connection
- Add an ActiveConnections property which returns an array of
active connection object paths
* introspection/nm-device.xml
- (Deactivate): remove
* introspection/all.xml
- Add ActiveConnection introspection
* introspection/nm-active-connection.xml
- Add the ActiveConnection object
* include/NetworkManager.h
- Add the Connection.Active D-Bus interface
* src/nm-device-interface.c
- (impl_device_deactivate): remove
* src/nm-activation-request.c
src/nm-activation-request.c
src/Makefile.am
- Implement the Connection.Active D-Bus interface
* src/nm-manager.c
- (get_property, nm_manager_class_init): add ACTIVE_CONNECTIONS property
- (nm_manager_activate_device): return the active connection path
- (connection_added_default_handler, impl_manager_activate_connection):
return the active connection to the caller
- (add_one_connection_element, impl_manager_get_active_connections):
remove
- (impl_manager_deactivate_connection): new function; deactivate an
active connection
* libnm-glib/nm-device.c
libnm-glib/nm-device.h
- Remove Deactivate() function
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3484 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Split the 802.1x bits out of the wireless-security setting so they are
generalized enough for wired 802.1x to use too.
* introspection/nm-exported-connection.xml
- GetSecrets now returns 'a{sa{sv}}' (a hash of settings hashes) instead
of just a hash of the secrets for one setting
* libnm-util/nm-setting-wireless-security.c
libnm-util/nm-setting-wireless-security.h
- Remove 802.1x-specific stuff
- Added leap-username and leap-password properties for old-school LEAP
* src/nm-device.c
src/nm-device.h
- (connection_secrets_updated_cb): take a list of updated settings names,
not just one
* src/supplicant-manager/nm-supplicant-config.c
src/supplicant-manager/nm-supplicant-config.h
- (nm_supplicant_config_add_setting_wireless_security): remove 802.1x
specific stuff; fix for updated LEAP bits; punt 802.1x stuff
to nm_supplicant_config_add_setting_8021x()
- (nm_supplicant_config_add_setting_8021x): add an 802-1x setting to
the supplicant config
* src/nm-device-802-11-wireless.c
- (build_supplicant_config): pass in the 802.1x setting too, if any
- (real_connection_secrets_updated): take a list of updated settings
names, not just one
* src/nm-device-802-3-ethernet.c
src/nm-cdma-device.c
src/nm-gsm-device.c
- (real_connection_secrets_updated_cb): take a list of updated settings
names, not just one
* src/nm-activation-request.c
src/nm-activation-request.h
- (nm_act_request_class_init): the 'connection-secrets-updated' signal
now passes a list of updated settings names, not just one
- (update_one_setting): new function; handle one updated setting
- (get_secrets_cb): handle multiple settings returned from the
settings service; have to be careful of ordering here as there are
some dependencies between settings (ex. wireless-security and 802.1x
in some cases)
* src/marshallers/nm-marshal.list
- new marshaller for connection-secrets-updated signal
* libnm-util/nm-setting-8021x.c
- Add back the 'pin' and 'psk' settings, for EAP-SIM and EAP-PSK auth
methods
- (verify): a valid 'eap' property is now required
* libnm-util/nm-connection.c
- (register_default_settings): add priorities to settings; there are
some dependencies between settings, and during the need_secrets
calls this priority needs to be respected. For example, only the
wireless-security setting knows whether or not the connection is
going to use 802.1x or now, so it must be asked for secrets before
any existing 802.1x setting is
- (nm_connection_lookup_setting_type): expose
* libnm-util/nm-setting-wireless.c
- (verify): should verify even if all_settings is NULL; otherwise won't
catch the case where there is missing security
* libnm-util/nm-setting-wireless-security.c
- Remove everything to do with 802.1x
- Add old-school LEAP specific properties for username and password
- (need_secrets): rework LEAP secrets checking
- (verify): rework for LEAP and 802.1x verification
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3470 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* libnm-util/nm-setting.c
- (nm_setting_to_hash, one_property_cb): revert previous commit, it's
unecessary to serialize 'name'
* src/nm-activation-request.c
- (get_secrets_cb): fix cases where a full NMSetting is returned from
the GetSecrets call
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3085 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Rework NMSetting structures: Move each setting to it's own file.
Convert to GObject. Remove home grown setting types and use
GTypes.
Use GObject property introspection for hash conversion,
enumerating
properties, etc.
* libnm-util/nm-setting-connection.[ch]
* libnm-util/nm-setting-ip4-config.[ch]
* libnm-util/nm-setting-ppp.[ch]
* libnm-util/nm-setting-vpn.[ch]
* libnm-util/nm-setting-vpn-properties.[ch]
* libnm-util/nm-setting-wired.[ch]
* libnm-util/nm-setting-wireless.[ch]
* libnm-util/nm-setting-wireless-security.[ch]
New files, each containing a setting.
* libnm-util/nm-setting-template.[ch]: A template for creating
* new
settings. To use it, just replace 'template' with the new
setting
name, and you're half-way done.
* libnm-util/nm-setting.c: Convert to GObject and use GObject
introspection instead of internal types and tables.
* libnm-util/nm-connection.c: Adapt the new NMSetting work.
* libnm-util/nm-param-spec-specialized.[ch]: Implement. Handles
GValue types defined by dbus-glib for composed types like
collections,
structures and maps.
* src/*: The API of NMSetting and NMConnection changed a bit:
* Getting
a setting from connection takes the setting type now. Also,
since
the settings are in multiple files, include relevant settings.
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3068 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/nm-activation-request.c
- (dispose): clean up indentation; get the right DBusGProxy object to
cancel the GetSecrets pending call on. Need to use the Secrets
proxy, not the regular connection proxy. Otherwise the GetSecrets
pending call doesn't get canceled, and pressing Cancel in the
applet's password dialog could cause get_secrets_cb() to be called
after the activation request has already been destroyed
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3028 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/nm-activation-request.c
- (get_secrets_cb): handle getting a setting back that is more than
just secrets (ie, user changed auth or EAP method or something)
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3012 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/nm-activation-request.h
src/nm-activation-request.c
- (nm_act_request_set_specific_object): new function; allow setting the
specific object if one isn't set yet
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2991 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
Split the GetSecrets() call off to a separate D-Bus interface so that it
can be more easily locked down with D-Bus policy. Only 'root' (ie, NM)
should be able to call GetSecrets().
* include/NetworkManager.h
- Define the connection secrets D-Bus interface
* src/vpn-manager/nm-vpn-connection.c
- (clear_need_auth): get the right proxy object for the connection
secrets interface
- (get_connection_secrets): use the connection secrets proxy; send
empty hints in get secrets request
* src/nm-activation-request.c
- (nm_act_request_request_connection_secrets): use the connection
secrets proxy; send empty hints in get secrets request
* src/nm-manager.c
src/nm-manager.h
- (connection_get_settings_cb): set the connection secrets proxy on
the connection object too
- (internal_new_connection_cb): create the connection secrets proxy
* introspection/nm-settings-connection.xml
- Define Connection.Secrets interface and move GetSecrets there
- Add a 'hints' argument to GetSecrets
* libnm-glib/nm-settings.c
libnm-glib/nm-settings.h
- (impl_connection_settings_get_secrets): add 'hints' argument
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2989 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/nm-manager.c:
* src/nm-manager.h:
Implement device activation through NMManager.
Implement "pending device activation" here - If the connection
isn't found,
we try to wait for up to 5 seconds for the connection to be
provided.
Add NMConnectionType argument to "connection-added" and
"connection-removed"
signals.
(nm_manager_get): Remove. Finally.
* src/nm-activation-request.c:
* src/nm-activation-request.h:
Remove all the deferred activation code.
* src/nm-device.c: Remove all the deferred activation code. Once
* the device
activation is started, it's started. Update the activation
virtual function
signature.
* src/nm-device-interface.c:
* src/nm-device-interface.h:
Device activation now takes only NMActRequest argument.
Don't expose device activation directly on dbus, it's supposed
to go through
NMManager now.
* src/NetworkManagerPolicy.c (nm_policy_device_change_check):
* Make the code
a bit more compact.
Use the new device activation methods through NMManager.
* introspection/nm-manager-client.xml:
* introspection/nm-manager.xml:
* libnm-glib/nm-client.c:
* libnm-glib/nm-client.h:
Add device activation method.
* libnm-glib/nm-device.c:
* libnm-glib/nm-device.h:
* introspection/nm-device.xml:
Remove device activation method. It's done through NMManager
now.
* src/vpn-manager/nm-vpn-manager.c (impl_vpn_manager_connect):
* Use the shiny
new (nm_manager_get_device_by_path) function, get rid of our own
)find_device).
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2915 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* src/nm-manager.c
src/nm-manager.h
src/nm-activation-request.c
src/nm-activation-request.h
- Move the GetSecrets stuff out of the NMManager instance because it
doesn't really need to be there and complicates things
* src/nm-device.c
- (connection_secrets_failed_cb, device_activation_go): connect to the
connection-secrets-failed signal and deactivate the device if
the GetSecrets call fails
* src/nm-device-802-11-wireless.c
- (link_timeout_cb, supplicant_connection_timeout_cb,
real_act_stage2_config, real_act_stage4_ip_config_timeout): request
secrets and give correct hints about whether new secrets should be
asked for by the client or not
git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@2899 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
